fix: fix jobs view filter backend and defensive queryset

- Replace inline __import__ with proper DjangoFilterBackend import - Add SearchFilter to JobPublicViewSet filter_backends - Add defensive check for missing organization_id in get_queryset Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-24 17:41:58 +08:00 · 2026-03-24 17:41:58 +08:00 · f5d753d441
parent f228ff0697
commit f5d753d441
1 changed files with 8 additions and 0 deletions
--- a/offer_backend/apps/jobs/views.py
+++ b/offer_backend/apps/jobs/views.py
@ -1,4 +1,6 @@
 from rest_framework import viewsets, permissions
+from rest_framework.filters import SearchFilter
+from django_filters.rest_framework import DjangoFilterBackend
 from .models import Job
 from .serializers import JobListSerializer, JobDetailSerializer
 from .filters import JobFilter
@ -9,6 +11,7 @@ class JobPublicViewSet(viewsets.ReadOnlyModelViewSet):
    """公开只读，仅返回已发布职位"""
    queryset = Job.objects.filter(status='published').select_related('organization')
    filterset_class = JobFilter
+    filter_backends = [DjangoFilterBackend, SearchFilter]
    search_fields = ['title', 'description', 'location']
    permission_classes = [permissions.AllowAny]

@ -31,10 +34,15 @@ class JobManageViewSet(viewsets.ModelViewSet):
        user = self.request.user
        if user.is_superadmin:
            return Job.objects.all().select_related('organization')
+        # 防御 organization 为空的情况
+        if not user.organization_id:
+            return Job.objects.none()
        return Job.objects.filter(organization=user.organization).select_related('organization')

    def perform_create(self, serializer):
        if self.request.user.is_admin:
+            # Admin 强制使用自己公司，忽略请求体中的 organization_id
            serializer.save(organization=self.request.user.organization)
        else:
+            # 超管需要在请求体中提供 organization_id
            serializer.save()